Authentication and IoT - Cyber Security Informer

IoT Unravelled Part 3: Security

Troy Hunt

NOVEMBER 25, 2020

In part 1 of this series, I posited that the IoT landscape is an absolute mess but Home Assistant (HA) does an admirable job of tying it all together. As with the rest of the IoT landscape, there's a lot of scope for improvement here and also just like the other IoT posts, it gets very complex for normal people very quickly.

IoT

IoT Firmware Risk Encryption

From Sensors to Servers: End-to-End Security for IoT in Critical Utility Networks

SecureWorld News

NOVEMBER 7, 2024

A connected world means a vulnerable world Utilities now rely on large networks of IoT devices, from sensors buried underground to servers that crunch data in remote locations. But the moment we bring IoT into the mix, we create thousands of potential entry points for attackers.

IoT

IoT Firmware Encryption Authentication

Hacked IoT Devices Livestreaming Swatting Attacks: FBI

Adam Levin

DECEMBER 30, 2020

While the FBI is currently working with smart home device manufacturers to increase security settings, consumers with camera and voice activated home internet devices are urged to update their passwords, enable multi-factor authentication, and practice good cyber hygiene.

IoT

IoT Hacking Internet Internet

Webinars

How to Avoid Pitfalls In Automation: Keep Humans In the Loop

MORE WEBINARS

P2P Weakness Exposes Millions of IoT Devices

Krebs on Security

APRIL 26, 2019

iLnkP2p is bundled with millions of Internet of Things (IoT) devices, including security cameras and Webcams, baby monitors, smart doorbells, and digital video recorders. He found that 39 percent of the vulnerable IoT things were in China; another 19 percent are located in Europe; seven percent of them are in use in the United States.

IoT

IoT Firewall Manufacturing Computers and Electronics

MY TAKE: Why companies and consumers must collaborate to stop the plundering of IoT systems

The Last Watchdog

NOVEMBER 9, 2020

The Internet of Things (IoT) has come a long, long way since precocious students at Carnegie Melon University installed micro-switches inside of a Coca-Cola vending machine so they could remotely check on the temperature and availability of their favorite beverages. Related: Companies sustain damage from IoT attacks That was back in 1982.

IoT

IoT Healthcare Internet Internet

MY TAKE: How decentralizing IoT could help save the planet — by driving decarbonization

The Last Watchdog

DECEMBER 17, 2023

The Internet of Things ( IoT ) is on the threshold of ascending to become the Internet of Everything ( IoE.) Infineon supplies semiconductors embedded in smart systems, most notably in automotive, power and IoT. We can execute a lot of machine learning, at the edge, in IoT devices.

IoT

IoT Internet Internet Technology

IoT Inspector Tool from Princeton

Schneier on Security

MAY 1, 2018

Researchers at Princeton University have released IoT Inspector , a tool that analyzes the security and privacy of IoT devices by examining the data they send across the Internet. They've already used the tool to study a bunch of different IoT devices. Related: IoT Hall of Shame. Some examples include: Samsung Smart TV.

IoT

IoT Manufacturing Encryption DNS

NEW TECH: Silverfort helps companies carry out smarter human and machine authentications

The Last Watchdog

MAY 26, 2020

Doing authentication well is vital for any company in the throes of digital transformation. Related: Locking down ‘machine identities’ At the moment, companies are being confronted with a two-pronged friction challenge, when it comes to authentication. We spoke at RSA 2020. And that’s not an easy task.

Authentication

Authentication Cloud Migration Accountability Digital transformation

MY TAKE: Why IoT systems won’t be secure until each and every microservice is reliably authenticated

The Last Watchdog

MARCH 4, 2020

However, to fully capture the benefits of an IoT-centric economy, a cauldron of privacy and security concerns must first be quelled. Related : The promise and pitfalls of IoT At the technology level, two fundamental things must get accomplished. More IoT standards are sure to come, but regulation will raise the bar only so high.

IoT

IoT Authentication Internet Internet

MY TAKE: Why DDoS weapons will proliferate with the expansion of IoT and the coming of 5G

The Last Watchdog

MARCH 28, 2019

Related: IoT botnets now available for economical DDoS blasts. This attacker easily located IoT devices that used the manufacturers’ default security setting. He set loose a self-replicating internet worm to gain control of 600,000 household IoT devices. In fact, it can be argued that the opposite is happening. Barest tip.

DDOS

DDOS IoT DNS Internet

MY TAKE: Securing the Internet of Everything: why self-healing devices are the next frontier

The Last Watchdog

FEBRUARY 10, 2025

Related: IoT growing at a 24% clip To get there to fully tap the potential of a hyper-interconnected ecosystem where devices, data, AI and humans converge to benefit humankind cybersecurity must first catch up. Every device, every connection, every interaction must be verified, authenticated, and monitored.

Internet

Internet Internet IoT Manufacturing

Last Watchdog’s IoT and ‘zero trust’ coverage win MVP awards from Information Management Today

The Last Watchdog

DECEMBER 5, 2019

My primer on the going forward privacy and security implications of IoT — What Everyone Should Know About the Promise and Pitfalls of the Internet of Things — won second place in the contest’s IoT Security category.

IoT

IoT Cyber Risk Internet Internet

GCHQ on Quantum Key Distribution

Schneier on Security

AUGUST 1, 2018

Ubiquitous on-demand modern services (such as verifying identities and data integrity, establishing network sessions, providing access control, and automatic software updates) rely more on authentication and integrity mechanisms -- such as digital signatures -- than on encryption.

Big data

Big data Encryption Authentication IoT

Guardians of IoT: Addressing IoT security vulnerabilities in electric vehicles and charging stations

Security Boulevard

JANUARY 31, 2024

The rise of electric vehicles (EVs) and charging infrastructure necessitates robust security measures, especially in the context of IoT integration. Explore the vulnerabilities in EV systems and potential risks, proposing mitigation strategies like firmware updates, user authentication, intrusion detection systems, and collaboration.

IoT

IoT Firmware Authentication Risk

The IoT Cybersecurity Act of 2020: Implications for Devices

eSecurity Planet

JANUARY 22, 2021

billion Internet of Things (IoT) devices. As more information about IoT device vulnerabilities is published, the pressure on industry and government authorities to enhance security standards might be reaching a tipping point. government, standards will not apply to the IoT market at-large. Implications for IoT devices.

IoT

IoT Cybersecurity Manufacturing Government

Ubiquiti: Change Your Password, Enable 2FA

Krebs on Security

JANUARY 11, 2021

Ubiquiti , a major vendor of cloud-enabled Internet of Things (IoT) devices such as routers, network video recorders, security cameras and access control systems, is urging customers to change their passwords and enable multi-factor authentication.

Passwords

Passwords Authentication Firmware Accountability

Overview of IoT threats in 2023

SecureList

SEPTEMBER 21, 2023

IoT devices (routers, cameras, NAS boxes, and smart home components) multiply every year. The first-ever large-scale malware attacks on IoT devices were recorded back in 2008, and their number has only been growing ever since. Telnet, the overwhelmingly popular unencrypted IoT text protocol, is the main target of brute-forcing.

IoT

IoT DDOS Passwords Malware

Kalay platform vulnerability exposes millions of IoT devices to cyber attacks

CyberSecurity Insiders

AUGUST 18, 2021

Cybersecurity Researchers from Mandiant have disclosed that millions of IoT devices operating across the globe were vulnerable to cyber attacks because of a flaw in Kalay Cloud platform software supplied by ThroughTek. ThroughTek has issued a fix of 3.1.10

IoT

IoT Cyber Attacks Social Engineering Manufacturing

Protecting Oil and Gas Industry Infrastructure: Strategies for Resilience

SecureWorld News

JANUARY 16, 2025

Digital transformation: The integration of IoT, SCADA systems, and advanced analytics has increased operational efficiency but also expanded the attack surface. Multi-factor authentication (MFA): MFA ensures that access to critical systems is granted only after verifying user credentials through multiple channels.

Energy and Utilities

Energy and Utilities IoT Artificial Intelligence Backups

NEW TECH: Silverfort deploys ‘multi-factor authentication’ to lock down ‘machine identities’

The Last Watchdog

NOVEMBER 6, 2019

From the start, two-factor authentication, or 2FA , established itself as a simple, effective way to verify identities with more certainty. Related: A primer on IoT security risks The big hitch with 2FA, and what it evolved into – multi-factor authentication, or MFA – has always been balancing user convenience and security.

Authentication

Authentication Digital transformation Software Accountability

CVE-2021-20090 actively exploited to target millions of IoT devices worldwide

Security Affairs

AUGUST 7, 2021

Threat actors are actively exploiting a critical authentication bypass issue (CVE-2021-20090 ) affecting home routers with Arcadyan firmware. Threat actors actively exploit a critical authentication bypass vulnerability, tracked as CVE-2021-20090 , impacting home routers with Arcadyan firmware to deploy a Mirai bot.

IoT

IoT Firmware Authentication Wireless

How can home security be improved with IoT?

CyberSecurity Insiders

JANUARY 31, 2022

The Internet of Things (IoT) has been exploding in the last decade, with more and more connected objects or devices. IoT also enables home security systems to offer a variety of new features, such as secure biometrics and face detection at your door. . IoT enables secure, remote updates, for devices installed for a long time.?

IoT

IoT Wireless Technology Internet

Ubiquiti All But Confirms Breach Response Iniquity

Krebs on Security

APRIL 4, 2021

Ubiquiti’s IoT gear includes things like WiFi routers, security cameras, and network video recorders. Their products have long been popular with security nerds and DIY types because they make it easy for users to build their own internal IoT networks without spending many thousands of dollars. And on Jan.

Authentication

Authentication IoT Accountability Passwords

Flaws in Xerox VersaLink MFPs Spotlight Printer Security Concerns

Security Boulevard

FEBRUARY 19, 2025

Two security flaws found in Xerox VersaLink MFPs could allow hackers to capture authentication credentials and move laterally through enterprise networks and highlight the often-overlooked cyber risks that printers and other IoT devices present to organizations.

Cyber Risk

Cyber Risk IoT Authentication Risk

RSAC Fireside Chat: X9 PKI emerges to help financial sector interoperate, get ready for ‘Q-Day’

The Last Watchdog

APRIL 24, 2025

Related: PKI and the IoT cloud One quiet but consequential development now taking root in the financial sector could prove pivotal: the emergence of a dedicated Public Key Infrastructure (PKI) framework, tailored to banks and payment networks, guided by the Accredited Standards Committee X9 (ASC X9), and being rolled out by DigiCert.

Banking

Banking Internet Internet IoT

Authentication and access management increasingly perceived as core to Zero Trust Security

Thales Cloud Protection & Licensing

SEPTEMBER 13, 2021

Authentication and access management increasingly perceived as core to Zero Trust Security. The acceleration of cloud migration and the proliferation of containers, microservices and IoT devices have placed identity in the center of corporate security, making identity and access management (IAM) as important as never before.

Authentication

Authentication Cloud Migration IoT Technology

PTZOptics cameras zero-days actively exploited in the wild

Security Affairs

NOVEMBER 2, 2024

The company discovered the zero-day vulnerabilities in IoT live-streaming cameras, used in industrial operations, healthcare, and other sensitive environments. is an inadequate authentication mechanisms that could allow an attacker to access sensitive information like usernames, MD5 password hashes, and configuration data.

Firmware

Firmware Manufacturing IoT Healthcare

NIST Standardizes Ascon Cryptographic Algorithm for IoT and Other Lightweight Devices

The Hacker News

FEBRUARY 8, 2023

National Institute of Standards and Technology (NIST) has announced that a family of authenticated encryption and hashing algorithms known as Ascon will be standardized for lightweight cryptography applications.

IoT

IoT Encryption Authentication Internet

Top 10 Cybersecurity Trends to Expect in 2025

Hacker's King

DECEMBER 24, 2024

Companies will adopt stricter identity verification and access controls, ensuring that even internal users face rigorous authentication processes. Growth of IoT Security Solutions With billions of Internet of Things (IoT) devices connecting to networks worldwide, IoT security will be a top priority.

Cybersecurity

Cybersecurity Cyber Insurance IoT Insurance

Inrupt, Tim Berners-Lee's Solid, and Me

Schneier on Security

FEBRUARY 21, 2020

Data generated by your things -- your computer, your phone, your IoT whatever -- is written to your pod. Either IoT companies are going to enter into individual data sharing agreements, or they'll all use the same language and protocols. The idea behind Solid is both simple and extraordinarily powerful.

IoT

IoT Internet Internet Technology

Attackers Exploit Flaw that Could Impact Millions of Routers, IoT Devices

eSecurity Planet

AUGUST 10, 2021

In a recent blog post , the researchers said the bad actors are looking to leverage a path traversal vulnerability that could affect millions of home routers and other Internet of Things (IoT) devices that use the same code base and are manufactured by at least 17 vendors. The responsibility here must lie with the end users.”

IoT

IoT DDOS Internet Internet

How Will 5G Technology Alter IoT Security And How Can We Prepare?

CyberSecurity Insiders

JANUARY 28, 2022

Moreover, predictions made by Gartner indicate that a staggering 59% of organizations plan to support their IoT networks through 5G- which opens up new avenues for cybercriminals to exploit. This article explores the possible ramifications that 5G could have for IoT security, along with some steps that enterprises can take to prepare for it.

IoT

IoT Technology Mobile Software

Q&A: Here’s how the ‘Matter’ protocol will soon reduce vulnerabilities in smart home devices

The Last Watchdog

AUGUST 1, 2022

I had the chance to discuss the wider significance of Matter with Mike Nelson, DigiCert’s vice president of IoT security. Nelson: The security challenges present in many smart home devices include device identity, proper authentication (user and device), confidentiality of sensitive data, and integrity of software.

Manufacturing

Manufacturing IoT Surveillance Authentication

The FBI warns of HiatusRAT scanning campaigns against Chinese-branded web cameras and DVRs

Security Affairs

DECEMBER 17, 2024

In March 2024, threat actors behind this campaign started targeting Internet of Things (IoT) devices in the US, Australia, Canada, New Zealand, and the United Kingdom. reads the report published by Black Lotus Labs. The FBI recommends limiting or isolating vulnerable devices, monitoring networks, and following cybersecurity best practices.

Architecture

Architecture Internet Internet Malware

Ghost Ransomware a Persistent Global Threat to Critical Infrastructure

SecureWorld News

FEBRUARY 20, 2025

Persistent exploitation of legacy systems One of the most alarming aspects of Ghost ransomware is its focus on legacy IoT and OT environments. He urges enterprises to implement Privileged Access Management (PAM) solutions and multi-factor authentication (MFA) and to enforce robust password policies to reduce the risk of account compromise.

Ransomware

Ransomware IoT Encryption Social Engineering

Episode 250: Window Snyder of Thistle on Making IoT Security Easy

The Security Ledger

MAY 13, 2023

In this episode of the podcast, I speak with Window Snyder, the founder and CEO of Thistle Technologies about the (many) security challenges facing Internet of Things (IoT) devices and her idea for making things better: Thistle’s platform for secure development and deployment of IoT devices. Read the whole entry. »

IoT

IoT Internet Internet Technology

Google to Fix Location Data Leak in Google Home, Chromecast

Krebs on Security

JUNE 18, 2018

According to Tripwire, the location data leak stems from poor authentication by Google Home and Chromecast devices, which rarely require authentication for connections received on a local network. “This means that all requests must be authenticated and all unauthenticated responses should be as generic as possible. .

IoT

IoT Internet Internet Wireless

Human Factors in SCADA and IoT Security: Addressing the Biggest Vulnerability in Industrial Systems

SecureWorld News

AUGUST 3, 2024

The hidden weakness: human error Despite leaps in cybersecurity technology, human error remains an Achilles heel in SCADA and IoT security. Multi-factor authentication (MFA) and stringent password policies can safeguard against unauthorized access, even if an individual's password is compromised.

IoT

IoT Education Technology Passwords

GUEST ESSAY – A primer on ‘WAAP’ – an approach to securing APIs at the web app layer

The Last Watchdog

FEBRUARY 28, 2022

This has resulted in astounding innovations in cloud services, mobile computing, IoT systems and agile software development. Whether it’s IoT (Internet of Things) devices, desktop applications, web applications native to the web browsers, or mobile applications – all these types of software rely on APIs in one way or another.

Mobile

Mobile Penetration Testing IoT Digital transformation

SHARED INTEL: Poll shows companies pursuing ‘Digital Trust’ reap benefits as laggards fall behind

The Last Watchdog

FEBRUARY 21, 2024

Related: How decentralized IoT boosts decarbonization Yet, more so than ever, infusing trustworthiness into modern-day digital services has become mission critical for most businesses. If you factor in where we are in the world today with things like IoT, quantum computing and generative AI, we could be heading for a huge trust crisis.”

Energy and Utilities

Energy and Utilities IoT Manufacturing Healthcare

Planet WGS-804HPT Industrial Switch flaws could be chained to achieve remote code execution

Security Affairs

JANUARY 19, 2025

The Planet WGS-804HPT industrial switch is used in building and home automation networks to provide connectivity of Internet of things (IoT) devices, IP surveillance cameras, and wireless LAN network applications. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs hacking,IOT)

Firmware

Firmware IoT Wireless Surveillance

MY TAKE: Can Matter 1.0 springboard us from truly smart homes to the Internet of Everything?

The Last Watchdog

NOVEMBER 14, 2022

It could be the key that securely interconnects IoT systems at a much deeper level, which, in turn, would pave the way to much higher tiers of digital innovation. I had the chance to sit down, once more , with Mike Nelson, DigiCert’s vice president of IoT security, to discuss the wider significance of this milestone standard.

Internet

Internet Internet IoT Manufacturing

IoT devices have serious security deficiencies due to bad random number generation

CSO Magazine

AUGUST 13, 2021

These are used for authentication, encryption, access control and many other aspects of modern security and they all require cryptographically secure random numbers -- sequences of numbers or symbols that are chosen in a way that's unpredictable by an attacker. Learn the 10 identity management metrics that matter. |

CSO

CSO IoT Encryption Authentication

IoT Unravelled Part 3: Security

From Sensors to Servers: End-to-End Security for IoT in Critical Utility Networks

Webinars

Trending Sources

Hacked IoT Devices Livestreaming Swatting Attacks: FBI

Webinars

P2P Weakness Exposes Millions of IoT Devices

MY TAKE: Why companies and consumers must collaborate to stop the plundering of IoT systems

MY TAKE: How decentralizing IoT could help save the planet — by driving decarbonization

IoT Inspector Tool from Princeton

NEW TECH: Silverfort helps companies carry out smarter human and machine authentications

MY TAKE: Why IoT systems won’t be secure until each and every microservice is reliably authenticated

MY TAKE: Why DDoS weapons will proliferate with the expansion of IoT and the coming of 5G

MY TAKE: Securing the Internet of Everything: why self-healing devices are the next frontier

Last Watchdog’s IoT and ‘zero trust’ coverage win MVP awards from Information Management Today

GCHQ on Quantum Key Distribution

Top IoT Security Solutions of 2021

Guardians of IoT: Addressing IoT security vulnerabilities in electric vehicles and charging stations

The IoT Cybersecurity Act of 2020: Implications for Devices

Ubiquiti: Change Your Password, Enable 2FA

Overview of IoT threats in 2023

Kalay platform vulnerability exposes millions of IoT devices to cyber attacks

Protecting Oil and Gas Industry Infrastructure: Strategies for Resilience

NEW TECH: Silverfort deploys ‘multi-factor authentication’ to lock down ‘machine identities’

CVE-2021-20090 actively exploited to target millions of IoT devices worldwide

How can home security be improved with IoT?

Ubiquiti All But Confirms Breach Response Iniquity

Flaws in Xerox VersaLink MFPs Spotlight Printer Security Concerns

RSAC Fireside Chat: X9 PKI emerges to help financial sector interoperate, get ready for ‘Q-Day’

Authentication and access management increasingly perceived as core to Zero Trust Security

PTZOptics cameras zero-days actively exploited in the wild

NIST Standardizes Ascon Cryptographic Algorithm for IoT and Other Lightweight Devices

Top 10 Cybersecurity Trends to Expect in 2025

Inrupt, Tim Berners-Lee's Solid, and Me

Attackers Exploit Flaw that Could Impact Millions of Routers, IoT Devices

How Will 5G Technology Alter IoT Security And How Can We Prepare?

Q&A: Here’s how the ‘Matter’ protocol will soon reduce vulnerabilities in smart home devices

The FBI warns of HiatusRAT scanning campaigns against Chinese-branded web cameras and DVRs

Ghost Ransomware a Persistent Global Threat to Critical Infrastructure

Episode 250: Window Snyder of Thistle on Making IoT Security Easy

Google to Fix Location Data Leak in Google Home, Chromecast

Human Factors in SCADA and IoT Security: Addressing the Biggest Vulnerability in Industrial Systems

GUEST ESSAY – A primer on ‘WAAP’ – an approach to securing APIs at the web app layer

SHARED INTEL: Poll shows companies pursuing ‘Digital Trust’ reap benefits as laggards fall behind

Planet WGS-804HPT Industrial Switch flaws could be chained to achieve remote code execution

MY TAKE: Can Matter 1.0 springboard us from truly smart homes to the Internet of Everything?

IoT devices have serious security deficiencies due to bad random number generation

Stay Connected